The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security / oscommerce conflict

Discussion in 'Security' started by Daemon1, Nov 14, 2005.

  1. Daemon1

    Daemon1 Well-Known Member

    Joined:
    Nov 26, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    After installing mod_security images no longer appear to load on a particular account's oscommerce install. I am using the default mod_security rules supplied with Cpanel. Does anyone know of a way to either configure mod_security to allow oscommerce to function correctly on this account or a particular default rule set which may be disallowing it to work?

    Thanks for your help, I basically want to be able to get these images to load without having to disable mod_security. Is there someway to ignore or allow limited access for oscommerce with mod_security? Thanks!
     
  2. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    I just recently installed mod_security as well, saw your post and checked 4 different sites running OsCommerce and they are all okay. Just guessing but you might check the permissions of the directory to make sure they are not 777 ??? Hope this helps
     
    #2 rhenderson, Nov 14, 2005
    Last edited: Nov 14, 2005
  3. ntwaddel

    ntwaddel Well-Known Member

    Joined:
    Nov 3, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Templeton, CA
    have you checked the log to see which rule is causing it to fail? If so, just disable that rule or modify it
     
  4. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I had the same problem with a couple of OSCommece sites and thought mod_security was causing the problem. But when I checked the server's error log I saw several of these messages:

    [error] (22)Invalid argument: setrlimit(RLIMIT_AS): failed to set memory usage limit

    I stopped apache completely, then restarted it and the images reappeared.
     
  5. Daemon1

    Daemon1 Well-Known Member

    Joined:
    Nov 26, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    The clients oscommerce image & include folder is infact 777, what should they be? I changed the images folder to 755 and that didnt do anything, no images load still.

    The client says nothing was altered, the only thing changed on the server is the installation of mod_security. The oscommerce logo's properties at the top for example shows "http:///images/oscommerce.gif" which is obviously wrong, but when viewing the source it shows "images/oscommerce.gif" as it should.

    I have looked into the configure.php file and all of the values look fine with no leading /'s or anything like that. I am stumped as to why this is happening and the only reason I could see was mod_security but I just cleared all the rules and tried it again and the images still dont load! What's going on with this script? If you put the full path to the image in the address bar it loads so the images are there. Stumped! :confused:

    Here is the config file, anything look wrong to you? User is running script from domain.com/catalog

    Code:
    // Define the webserver and path parameters
    // * DIR_FS_* = Filesystem directories (local/physical)
    // * DIR_WS_* = Webserver directories (virtual/URL)
      define('HTTP_SERVER', 'http://www.domain.com'); // eg, http://localhost - should not be empty for productive servers
      define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
      define('ENABLE_SSL', false); // secure webserver for checkout procedure?
      define('HTTP_COOKIE_DOMAIN', 'www.domain.com');
      define('HTTPS_COOKIE_DOMAIN', '');
      define('HTTP_COOKIE_PATH', '/catalog/');
      define('HTTPS_COOKIE_PATH', '');
      define('DIR_WS_HTTP_CATALOG', '/catalog/');
      define('DIR_WS_HTTPS_CATALOG', '');
      define('DIR_WS_IMAGES', 'images/');
      define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
      define('DIR_WS_INCLUDES', 'includes/');
      define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
      define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
      define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
      define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
      define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
    
      define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
      define('DIR_FS_CATALOG', '/home/domain/public_html/catalog/');
      define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
      define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
     
  6. Daemon1

    Daemon1 Well-Known Member

    Joined:
    Nov 26, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Wow, what the hell... That worked for me aswell lol Had to totally stop and start apache and then the images loaded again. VERY strange, did you end up finding out why this happens? Damn confusing!
     
  7. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
    This keeps on happening. We've had it happened several times and restarting apache solves it.
    Last time it happened (today) was when installing new mod_security rules. It broke all images again.

    Anyone else having this problem?
     
  8. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I've seen this setrlimit() message in the logfiles, though far as I can tell it isn't breaking anything. I'd love to know what's causing it though!
     
  9. speckados

    speckados Well-Known Member

    Joined:
    May 21, 2003
    Messages:
    291
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Acequias :: Granada :: España
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    ps -aux | grep http

    And you show /../../httpd

    instead /../../httpd -DSSL

    If you show first, you have a problem with SSL mecanism. After restart apache this problem dissapears.

    A comun error on Cpanel System. You must create a cron for verified -DSSL and if not it's working restart Apache. After investigating how it's the problem that crash SSL mecanism.

    If SSL don't work a common configure.php of oscommerce,
    Code:
    define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
      define('ENABLE_SSL', false);
    and work system of oscommerce get HTTP variables, and put images over https:// connection, and this don't work if customer haven't a SSL over domain.
     
  10. internetfab

    internetfab Well-Known Member
    PartnerNOC

    Joined:
    Feb 20, 2003
    Messages:
    336
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Gothenburg, Sweden
    cPanel Access Level:
    DataCenter Provider
    Thanks, I'll check next time the problem surfaces. I think that it usually is when we've configured mod_sec. My guess is that after configuring mod_sec, WHM restarts apache without SSL option and you have to restart it again.
     
Loading...

Share This Page